Example: Authenticate using a client certificate

In this example scenario we will add support for authenticating SOAP requests using a client certificate.

Note: The binary contents of the client certificate can be retrieved in several ways: from a disk file (e.g. a *.pfx file), directly from the machine certificate store, from the database, from a blob on cloud storage, etc. The extension action presented in this example assumes that the binary data of the certificate is already available in an OutSystems application, e.g. in a local variable or as an output parameter of some function call.

Do the following:

1. In Integration Studio create an extension and define an action that will set up the client certificate authentication.

In example below we defined an action in Integration Studio called "SetupCertificateAuth", with a "ClientCertificateContent" input parameter of type Binary Data, and a "CertificatePassword" input parameter of type Text.

2. Click 'Edit Source Code .NET'. In Visual Studio .NET, set the project target framework and add a reference to the System.ServiceModel assembly.

3. Enter the code below, replacing the MssSetupCertificateAuth function placeholder that Integration Studio created for you:

5. In Service Studio, add a reference to the "SetupCertificateAuth" action of your extension in your application module.

6. In the flow of the SOAP callback of your SOAP Web Service, i.e. the flow of "OnBeforeRequestAdvanced", drag the "SetupCertificateAuth" action to the flow.

7. Provide the binary contents of the certificate in the "ClientCertificateContent" parameter and the certificate password in the "CertificatePassword" input parameter.Note: The certificate used to authenticate the client must include a private key, and will most probably be protected by a password.

8. Publish the application module and test the application, checking that the requests made to the consumed SOAP Web Service are correctly authenticated with the provided client certificate.